WMI Event Subscription Process Persistence

This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when the specified process is started. Additionally a custom command can be specified to run once the trigger is activated using the advanced option...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813-PoC-exploit Apache Tomcat Deserialization RCE...

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Date: 3-8-2023 Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add the invoice. when a comment is added during the creation of invoices by any user then due to improper sanitization XSS payload gets triggered. 🕵️‍♂️ Proof of Concept...

Gadget Works Online Ordering System 1.0 - (Category) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1....

Medical Center Portal Management System 1.0 - Multiple Stored XSS

Exploit Title: Medical Center Portal Management System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...

Bash Profile Persistence

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bash Profile Persistence', 'Description' = %q" This module writes an execution trigger to the target's Bash profile. The execution trigger execut...

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)

Agent Tesla Botnet - Arbitrary Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Tesla Agent Remote Code Execution", 'Description' = %q This module exploits the command...

CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

An Stored Cross Site Scripting was reported by the author to CM Ad Plugins under which an unprivileged user can trigger a Stored XSS to perform malicious actions or any attacker could send a crafted link CSRF which can trigger the Stored XSS. 1 Go to CM Ad changers - Campaigns 2 Create a Campaign...

Windows Manage User Level Persistent Payload Installer

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

dzX 2.0/2. 5 pass to kill 0day stored XSS a gold-bug warning-the black bar safety net

The vulnerability occurs in the plug attachment to the place. Says to plug in the Annex you tell me what also should be thought about certainly is the file name. Because the file name is in accordance with the local Upload File name to be displayed. If youroperating systemis a linux you can...